Yahoo urged their users to immediately reset their passwords following reports that over 500 million account information were compromised.
The incident happened as Yahoo nears the completion of its multi-billion dollar sale to Verizon.
The account information may have include names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.
The company said that it was working with law enforcement agencies as it started to hunt for the perpetrator.
Yahoo however denied that the breached was an inside job, saying there is no evidence that the "state sponsored actor" is currently in Yahoo's network.
While it vows to notify potentially affected users, Yahoo said changing passwords remains the best option. It also urged users to check their accounts and observe for suspicious activities.
It however said that its ongoing investigation suggests that stolen information did not include payment card data, bank account information, and payment card data.
"The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information," the statement added.
The breach first caught the headlines last August when hacker "Peace" went in the dark web announcing the sale of over 200 million Yahoo accounts. "Peace" use to offload hacked data from MySpace and LinkedIn.
In May 2013, over 22 million accounts of Yahoo Japan were leaked online but no user data was compromised.